Man is an animal suspended in webs of significance that he himself has spun...

Tuesday, January 24, 2012

Globalization, Cloud Services and the U.S. Patriot Act

As a lot of you may already know, I work in IT here in Europe. I was recently given a heads-up on an issue that I had completely missed in the media: how U.S. surveillance and anti-terrorist laws are impacting the ability of U.S. companies to compete in a global market.

It starts with something called the Patriot Act which was signed into law by U.S. President George Bush and extended by President Obama in 2011. This act gives the U.S. government broad powers to legally gather information on individuals and entities suspected of acting in ways that are dangerous to U.S. interests.

This Act has been defended as an unfortunate necessity in these troubled times and vilified as an intolerable attack on Americans' consitutional rights but I doubt anyone ever considered that it could be bad for U.S. economic interests as well.

At issue is something called "Cloud Technology" which allows companies or individuals to treat IT as a service that one can purchase from a utility company. Storage, processing power, even applications can be rented as a service like water or electricity. A company no longer needs to have physical servers/computer or local storage because they can just buy what they need from a Cloud Service provider. After a slow start Cloud Computing is now getting to be quite hot. Demand is growing. Politico reports that this is a 41 billion dollar industry that is projected to grow to 241 billion by 2020.

Given U.S. dominance in the computing industry one might expect that U.S. IT companies would be looking forward to reaping in record profits as a result of this new business opportunity. Well, maybe not and the Patriot Act is to blame.

Imagine that you are a multi-national corporation. Do you really want your data and critical applications stored in a country where the government can legally access that data or spy on how you do business? Other countries (like EU countries, for example) have much tougher data privacy laws and wouldn't it make much more sense to use their cloud services instead? That is exactly what is happening with European IT companies touting their cloud services as being much more secure and completely safe from the prying eyes of the U.S. government.

Tough to argue with their logic but the U.S. government, in response to outrage and concern from the U.S. IT industry, is trying. In the Politico article, Ambassador Philip Verveer, U.S. coordinator for International Communications and Information Policy at the State Department, said, “We think, to some extent, it’s taking advantage of a misperception, and we’d like to clear up that misperception.” Apparently even the Obama administration is attempting to limit the damage and reassure potential foreign clients of U.S. based IT services.

I doubt it will work and many others are of the same opinion. Jon Stokes in this article in Wired Magazine points out the following reasons that the U.S. government is simply not credible on this issue:

1. Private sector policies with respect to sharing data with law enforcement are not uniform across cloud providers, and they’re often not completely clear in how they’re stated.

2. Nasty surprises routinely crop up in the press, where we learn that this or that company is turning over customer data to the feds.

3. On a more general level, the US government has shown that when it comes to surveillance, it’s willing to ignore the law time and again.

4. US government agencies don’t trust their own sensitive data to foreign clouds, and often require that such data be stored in a US-based datacenter.

5. Contrary to what cloud companies and lobbyists would have you believe, the PATRIOT Act really does give the US government very broad powers to get their mitts on your data without you ever knowing about it.

This is another great example of how, in a globalized world, lawmakers need to be very careful about the international consequences of local law. A bad decision or a poorly crafted piece of local legislation can have a terrible impact on a country's ability to compete in the global marketplace. Cloud technology is a wonderful opportunity for U.S. IT companies and it could create a lot of jobs for Americans; Alas, it appears that their efforts in this area will be hampered by a ball and chain on their legs called the Patriot Act.

5 comments:

Don Pomodoro
said...

Great post.

The US IT sector has been at a disadvantage well before the Patriot Act and Cloud Computing arrived as well! Vincent Cate found he had to renounce citizenship back in the mid 90s to avoid contraveneing a US law forbidding US citizens to seel encryption software overseas:

http://www.efc.ca/pages/media/nytimes.06sep98.html

"If he were to offer any advice to non-U.S. citizens about the encryption work built into his financial transaction software, he would violate U.S. laws, which treat the transfer of such encryption as illegal international arms traffic. "

The more I think about it, the less free I am and the more restrictions that I have as a result of being a US citizen than any other nationality faces: can't visit Cuba, can't open a bank account, can't participate in foreign pension plans, can't have signing authority on company accounts overseas and so on. I just see road blocks placed in path now due to my citizenship and I'm sick of it.

Hi Don, I had no idea about Vincent Cate. Incredible.I completely agree with you about US citizenship really putting some serious constraints in your life. I'm experiencing similar issues.

Anonymous - thank you for leaving that note. Fascinating and the first direct account I've heard of companies switching to Europe because it offers more security. It does make sense. I know that the US gov is saying that this is all a misunderstanding of US law but I'm not sure what it is exactly that they think we don't understand? Are they saying that they plan to repeal the Patriot Act or stop enforcing it or that they guarantee to foreign companies that they will not peek at their data? With this much confusion I think the only rational response is the most conservative one - don't park your data anywhere near the US.

Canadian companies are providing forensically cleaned portable PC for personnel crossing the US border. DHS maintains the right to inspect and download data for future evaluation. This potentially violates lawyer/client privelege, and access to propriety information.